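I am building my own certificate chain with the following components:
Root Certificate - Intermediate Certificate - User Certificate
The Root Cert is a self-signed certificate, the Intermediate Certificate is signed by Root, and User by Intermediate.
Now I want to verify whether a user certificate has its anchor in the root certificate.
With
openssl verify -verbose -CAfile RootCert.pem Intermediate.pem
the validation is OK. In the next step I validate the user certificate with
openssl verify -verbose -CAfile Intermediate.pem UserCert.pem
and the validation shows error 20 at 0 depth lookup: unable to get local issuer certificate
What is wrong?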
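Added example, not part of the original question: a script that builds a throwaway Root, Intermediate and User chain and runs openssl verify three ways: with the root as the trust anchor and the intermediate passed via -untrusted, with only the intermediate in -CAfile, and with -partial_chain. Subjects, extension files and function names are constructed for the demo; the PEM file names follow the question.

```bash
#!/usr/bin/env bash
# Added example: subjects, extension files and function names are constructed.

# new_csr <basename> <common name>: fresh key plus CSR
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# build_chain <dir>: Root -> Intermediate -> User, file names as in the question
build_chain() {
  local d="$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\n' > "$d/leaf.ext"
  new_csr "$d/root" "Demo Root" && new_csr "$d/int" "Demo Intermediate" &&
    new_csr "$d/user" "Demo User" || return 1
  # Root: self-signed CA certificate
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
    -extfile "$d/ca.ext" -out "$d/RootCert.pem" 2>/dev/null || return 1
  # Intermediate: CA certificate signed by the root
  openssl x509 -req -in "$d/int.csr" -CA "$d/RootCert.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 1 -extfile "$d/ca.ext" -out "$d/Intermediate.pem" 2>/dev/null || return 1
  # User: end-entity certificate signed by the intermediate
  openssl x509 -req -in "$d/user.csr" -CA "$d/Intermediate.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 1 -extfile "$d/leaf.ext" -out "$d/UserCert.pem" 2>/dev/null
}

# Root is the only trust anchor; the intermediate is an untrusted chain-building input.
verify_from_root() {
  openssl verify -CAfile "$1/RootCert.pem" -untrusted "$1/Intermediate.pem" "$1/UserCert.pem"
}
# Only the intermediate is trusted: no path to a self-signed anchor can be built.
verify_intermediate_only() {
  openssl verify -CAfile "$1/Intermediate.pem" "$1/UserCert.pem"
}
# Same store, but -partial_chain lets the non-self-signed intermediate act as the anchor.
verify_partial_chain() {
  openssl verify -partial_chain -CAfile "$1/Intermediate.pem" "$1/UserCert.pem"
}

d=$(mktemp -d) || exit 1
build_chain "$d" || exit 1
verify_from_root "$d"
verify_intermediate_only "$d" || echo "intermediate-only trust store: rejected"
verify_partial_chain "$d"
```

With -partial_chain the intermediate itself becomes the trust anchor, so the root is no longer part of the decision.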
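I am trying to set up a self-signed TLS configuration for client and server, where the server is Tomcat 7 and the client is Apache httpclient 4.1. The server configuration was taken from here and the client code was taken from here.
My Tomcat configuration looks like this: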
<Connector clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="keys/server.jks" keystoreType="JKS" keystorePass="password"
truststoreFile="keys/server.jks" truststoreType="JKS" truststorePass="password"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2"
sslProtocol="TLS" />
My client code looks like this:
final HttpParams httpParams = new BasicHttpParams();
// load the keystore containing the client certificate - keystore type is probably jks or pkcs12
final KeyStore keystore = KeyStore.getInstance("pkcs12");
FileInputStream keystoreInput = new FileInputStream("d:/dev/java/conf/keys/client.p12");
// TODO get the keystore as an InputStream from somewhere
keystore.load(keystoreInput, "password".toCharArray());
// load …